from bundlewrap.metadata import atomic
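# Static metadata defaults for the unbound bundle: packages to install, the
# root-hints refresh cron job, the local resolver address and cache tuning.
defaults = {
    'apt': {
        'packages': {
            'unbound': {},
            'unbound-anchor': {},
        },
    },
    'cron': {
        # Weekly refresh of the root hints. Minute, hour and weekday are taken
        # from node.magic_number (presumably a stable per-node value, so that
        # nodes do not all fetch at the same moment -- confirm).
        #
        # The download goes to a sibling file and is only moved into place
        # when wget succeeded and the result is non-empty. Writing straight
        # to root-hints.txt with `wget -O` truncates the live file before the
        # transfer starts, so a failed download would leave unbound with an
        # empty or partial hints file at its next (re)start.
        #
        # NOTE(review): the moved file gets the ownership/mode of a freshly
        # created root file instead of inheriting those of the old one;
        # confirm unbound can still read it.
        # NOTE(review): authenticity of the hints rests on TLS to
        # www.internic.net alone; InterNIC publishes a detached signature
        # next to named.root -- consider verifying it before the move.
        'unbound_refresh_root-hints': (
            '{} {} * * {} root '
            'wget -q -O/etc/unbound/root-hints.txt.new '
            'https://www.internic.net/domain/named.root'
            ' && test -s /etc/unbound/root-hints.txt.new'
            ' && mv /etc/unbound/root-hints.txt.new /etc/unbound/root-hints.txt'
        ).format(
            node.magic_number%60,
            node.magic_number%24,
            node.magic_number%7,
        ),
    },
    # The node resolves through its own unbound instance.
    'nameservers': {
        '127.0.0.1',
    },
    'unbound': {
        'max_ttl': 3600,
        'cache_size': '512M',
    },
}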
# Only nodes that also carry the telegraf bundle get the unbound input plugin
# and the sudo permission it needs.
if node.has_bundle('telegraf'):
    defaults['telegraf'] = dict(
        input_plugins={
            'builtin': {
                'unbound': [
                    # use_sudo makes telegraf call unbound-control via sudo,
                    # which is why the command is listed in sudo_commands.
                    {'thread_as_tag': True, 'use_sudo': True},
                ],
            },
        },
        # NOTE(review): the entry names the binary without any argument
        # restriction. unbound-control can also stop the resolver and change
        # the data it serves, so if the telegraf bundle renders this verbatim
        # into sudoers, consider limiting the rule to the statistics
        # subcommand the plugin actually runs.
        sudo_commands={
            '/usr/sbin/unbound-control',
        },
    )
@metadata_reactor.provides(
    'unbound/threads',
    'unbound/cache_slabs',
)
def cpu_cores_to_config_values(metadata):
    """Derive unbound's thread and cache-slab counts from the CPU count.

    Reads ``vm/cpu`` from the node metadata (1 when unset) and returns the
    ``unbound/threads`` and ``unbound/cache_slabs`` values computed from it.
    """
    cores = metadata.get('vm/cpu', 1)

    # Two threads per core.
    thread_count = cores * 2
    # For cores >= 1 this is the smallest power of two that is >= cores.
    slab_count = 1 << (cores - 1).bit_length()

    return {
        'unbound': {
            'threads': thread_count,
            'cache_slabs': slab_count,
        },
    }
@metadata_reactor.provides(
    'firewall/port_rules',
)
def firewall(metadata):
    """Publish firewall port rules for DNS on port 53 (both rule keys).

    Each rule is the ``unbound/restrict-to`` set from the node metadata,
    wrapped in ``atomic`` so the value is not merged with rules contributed
    elsewhere (per bundlewrap's atomic semantics).
    """
    # NOTE(review): when 'unbound/restrict-to' is unset both rules become an
    # empty set. Confirm how the firewall bundle treats an empty source set:
    # if it means "allow from anywhere", a node without restrict-to exposes
    # its resolver to every client that can reach it.
    dns_rules = {
        port: atomic(metadata.get('unbound/restrict-to', set()))
        for port in ('53', '53/udp')
    }
    return {
        'firewall': {
            'port_rules': dns_rules,
        },
    }